Pages:
Author

Topic: Bitmessage - Alternativa decentralizzata all'email (Read 43168 times)

staff
Activity: 4256
Merit: 1208
I support freedom of choice
Bug sono stati risolti, ma la versione android non credo che funzioni e/o sia mantenuta.
hero member
Activity: 2968
Merit: 605
quindi il sistema e ancora valido? il bug e stato risolto? lo voglio provare,link per scaricare versione android?...
staff
Activity: 4256
Merit: 1208
I support freedom of choice
Qua si possono trovare release non ancora ufficialmente rilasciate
https://download.bitmessage.org/snapshots/win32/
staff
Activity: 4256
Merit: 1208
I support freedom of choice
member
Activity: 383
Merit: 16
Qualcuno ha il link della ultima release?
newbie
Activity: 34
Merit: 0
Sento che Bitmessage è bello perché usa le prove di lavoro di tipo bitcoin per i messaggi, ma piuttosto ha sostituito le gerarchie di posta elettronica.
Very cool!  Cheesy
newbie
Activity: 9
Merit: 0
Grazie x l'informazione buono a sapersi...Utilizzerò l'ultima versione!
staff
Activity: 4256
Merit: 1208
I support freedom of choice
Si, è stato sistemato.
Assicurati di usare l'ultima versione.
newbie
Activity: 9
Merit: 0
è ancora valido come sistema?Leggevo di un bug di sicurezza sapete se è stato fixato?
jr. member
Activity: 34
Merit: 2
Helping the blockchain world build secure++ stuff!
(Apologies for the EN)

Code:
-        classBase = eval(data[""] + "." + data[""].title())
-    except NameError:
-        logger.error("Don't know how to handle message type: \"%s\"", data[""])
+        m = import_module("messagetypes." + data[""])
+        classBase = getattr(m, data[""].title())
+    except (NameError, ImportError):
+        logger.error("Don't know how to handle message type: \"%s\"", data[""], exc_info=True)

Yes, eval() is quite dangerous to use in almost any context other than on static, internal data. Definitely not safe to use on anything tainted by user input.

Looking at their security tagged issues, Firejail looks like a good step in the direction in general for sandboxing interactions:

https://github.com/Bitmessage/PyBitmessage/labels/security
newbie
Activity: 18
Merit: 0
spero che la vulnerabilita venga fixata, peccato era un progetto davvero utile ed interessante
hero member
Activity: 644
Merit: 504
Segnalo
Quote
A RCE vulnerability was found in Bitmessage. Shut down any BM software immediately. You're fine if you don't use BM.
https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9#comments
Compare nelle news di questo forum.

Aggiungo:
https://bitmessage.org/wiki/Main_Page

"A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected. We will release binary files for Windows and macOS tomorrow (2018-02-14). In the mean time, users who use binaries should downgrade to 0.6.1 using the links below.

Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.

We greatly apologize for the issue and we hope to release more information as it becomes available.
"
legendary
Activity: 2506
Merit: 1120
Segnalo
Quote
A RCE vulnerability was found in Bitmessage. Shut down any BM software immediately. You're fine if you don't use BM.
https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9#comments
Compare nelle news di questo forum.
newbie
Activity: 15
Merit: 0
Grande progetto, mi piace molto questa idea e da provare
staff
Activity: 4256
Merit: 1208
I support freedom of choice
staff
Activity: 4256
Merit: 1208
I support freedom of choice
staff
Activity: 4256
Merit: 1208
I support freedom of choice
Per chi vuole partecipare, è ora possibile fare la traduzione in italiano di Bitmessage:
https://www.transifex.com/bitmessage-project/pybitmessage/translate/#it

Uscita anche nuova versione! v0.5.8

https://github.com/mailchuck/PyBitmessage/releases/tag/v0.5.8


Quote
Since there hasn't been a new release for a while, I am making a new one. Since there isn't much work left to do before the 0.6.0 milestone, this will likely be the last 0.5.x release. If you want to make sure that 0.6 works smoothly, please try out this release and report back issues that you're having. Also, I would appreciate if people helped with the translations, I set it up on an online service Transifex so that you can do that very easily from your browser:

https://www.transifex.com/bitmessage-project/pybitmessage/

This release includes bugfixes, security improvements and some refactoring (thanks to @mirrorwish). In particular due to the security improvements I recommend that 0.4.4 users update too, as some denonymisation attacks have been addressed.

This is the list of changes:

newly arrived messages were sometimes missing or were not displayed correctly
IPv6 thread names can be correctly parsed by some logging tools
private IP range checks improved
lock file is cleaned up on exit
blacklist/whitelist labels can now be edited
don't unnecessarily send ACKs (this could have been misused for deanonymisation attacks)
don't allow getdata spamming (mitigates deanonymisation attacks)
search has been improved, now it can search without having to press return, and applies to newly selected folders and newly arrived messages
email gateway status query and settings change can be done from a menu
email gateway registration rejection messages now popup a request for changing the email address
always try all decryption keys (mitigates timing attacks)
translation system changes, fixes and updates to some translations
nodes with port 0 are rejected
HTML parser has security and rendering fixes
links for http(s) and bitcoin URIs allow an external handler in text mode also (subject to manual confirmation)
email links are handled internally (by clicking an email link, it will start composing a message to that address)
close to tray is now available
simple keybindings for quick navigation (N)ext, (P)revious, (R)eply, (C)ompose, (F)ind.
copying unicode to clipboard fixed
"Sent" folder in chans now displays both messages you sent to the channel as well as messages you sent from that channel address
multiple unicode fixes
"All identities" now has a "sent" and "trash" folder too
improvements in Tor support (reduced number of parallel connections, and PyBitmessage can now connect to hidden service nodes, but still cannot fully host a hidden service itself)
UPnP fixes
some UI refactoring (thanks @mirrorwish)
build scripts for OSX and Windows updated (I have been using them just haven't published the updates until now)
staff
Activity: 4256
Merit: 1208
I support freedom of choice
Mi sono anche creato una nuova identità, l'altra per ora è in pausa e/o persa Grin

HostFat - BM-NByGrE7Vs9dZUvS6GibdhafVfjr175ys
staff
Activity: 4256
Merit: 1208
I support freedom of choice
Nuova release 0.5.7 Smiley

https://github.com/mailchuck/PyBitmessage/releases/tag/v0.5.7


Quote
This release has an overall smoother experience. Tons of bug fixes and things that have been cleaned up.

Fixes:
- Message subjects can now be copied to clipboard again and work correctly when replying to gatewayed messages
- Portable mode should now work correctly on OSX
- Windows/OSX binaries have all the system elements (like Ok buttons) correctly localised.
- external UPnP port is now remembered across restarts
- Improved unicode handling, including invalid characters
- Search text will remain after searching is finished
- Minor spelling fixes (thanks to itsexe)
- Daemon mode fix when Qt is not available. Running PyBitmessage on headless machines now works again without problems.
- Improved search method for OpenSSL libraries. For 0.5.6, some Windows users were unable to launch Bitmessage because they had an incompatible OpenSSL library somewhere on their system. This won't be a problem anymore.
- PyBitmessage shuts down correctly if you quit immediately after launching it
- Message composing will not allow rich text anymore (it just screwed up pasting, and it was ignored once you sent the message anyway)
- Sent folder shows new sent messages correctly
- Consequent spaces in message content displayed correctly
- Message quoting fixed for messages containing HTML tags
- Messages from subscriptions have the correct colour
- Addressbook editing now changes existing entries in the message list
- Labels of subscriptions and chans can now be edited also through the addressbook and update the rest of the interface automatically
- Enabling/disabling addresses updates the addressbook automatically
- Adding new entries to blacklist didn't update the list immediately
- Number of unread messages displayed more correctly
- The Windows binary now really uses OpenSSL 1.0.2e. The previous release was announced as using OpenSSL 1.0.2e but didn't, and it also sometimes included a different OpenSSL version from the system path.

New features and enhancements:
- Message contents when viewing and composing can be zoomed (Ctrl + MouseWhell, like in a browser)
- When replying, the cursor is positioned inside the message body
- Contact support form includes python and OpenSSL version
- Messages are downloaded faster from the network peers
Pages:
Jump to: